Cloud Solution Design - Replatform to Amazon Web Services (AWS)

This whitepaper introduces a solution design for replatforming to Amazon Web Services (AWS), Amazon's cloud computing service.

DISCOVERY 

Why move to the cloud

- Financial Reasons 

o Reduce expenses 

o Increase operations 

o Enhance outcomes 

- Improve overall ROI

- Meet competitive challenges  

PRESENTING A SOLUTION

Current Architecture  

2-tier solution:

- web

- Database 

Access 

- Web tier: customers on web ports 

- Database tier: web tier on database ports 

Nightly database backups to tape 

Proposed Solutions 

Amazon Web Services (AWS) 

Replatform

To-Be Cloud Architecture

Proposed Solution Design on AWS

- Web tier (Web Proxy) - receives web traffic from the Internet

- App tier (App Server) - receives app traffic from the Web tier

- DB tier (Amazon RDS) - receives database traffic from the App tier

- Bastion hosts (management traffic) – Small instance type 

- AWS Identity and Access Management (IAM) – least privilege  

- Security 

o Only the web hosts in public subnet 

o Security groups 

Web - only allow internet traffic on 80/443

App hosts - only allow web proxy on app port 

Amazon Relational Database Service (Amazon RDS) - only allow app host on 3306

The management of Bastion Host with Amazon EC2 Systems

o NACL (Network Access Control Lists) - as an additional layer 

o Amazon Simple Storage Service (Amazon S3) buckets have security features enabled 

o AWS Identity and Access Management (IAM) policies configured along the principles of least privilege 

o Monitoring and logging 
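
The security group chain listed above can be checked mechanically. The following is an added example, not code from the original whitepaper or from AWS: it audits ingress rules, given in the shape of EC2 DescribeSecurityGroups output, against the web/app/database design. The group IDs, the app port 8080 and the sample rules are constructed assumptions; bastion and NACL rules are out of scope.

```python
# Added example (not from the original page): audit security-group ingress
# against the tier chain Internet -> web -> app -> DB described above.
# Input mirrors the shape of EC2 DescribeSecurityGroups output.
APP_PORT = 8080  # assumption: the page does not name the app port

# Allowed (source, tcp port) pairs per group; group IDs are constructed.
POLICY = {
    "sg-web": {("0.0.0.0/0", 80), ("0.0.0.0/0", 443)},
    "sg-app": {("sg-web", APP_PORT)},
    "sg-db": {("sg-app", 3306)},
}

def audit(groups, policy=POLICY):
    """Return sorted (group, source, protocol, port-range) for every
    ingress rule the design does not allow."""
    findings = []
    for group in groups:
        allowed = policy.get(group["GroupId"], set())  # unknown group: allow nothing
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")  # absent when proto is "-1"
            sources = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                       + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                       + [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])])
            for src in sources:
                # Compliant only if it is a single TCP port listed for this source.
                if not (proto == "tcp" and lo == hi and (src, lo) in allowed):
                    findings.append((group["GroupId"], src, proto, f"{lo}-{hi}"))
    return sorted(findings)

def rule(port, cidr=None, sg=None):
    """Build one constructed tcp IpPermissions entry."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

# Constructed sample: two rules drift from the design (SSH open to the
# Internet on the web tier, whole-VPC access to the database).
SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [
        rule(80, cidr="0.0.0.0/0"), rule(443, cidr="0.0.0.0/0"), rule(22, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-app", "IpPermissions": [rule(APP_PORT, sg="sg-web")]},
    {"GroupId": "sg-db", "IpPermissions": [
        rule(3306, sg="sg-app"), rule(3306, cidr="10.0.0.0/16")]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("NOT ALLOWED:", finding)
```

In a real account the `groups` argument would be the `SecurityGroups` list from a DescribeSecurityGroups response, with `POLICY` keyed by the actual group IDs.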

DELIVERING A PROOF OF CONCEPT (POC)

Evaluating the solution in the customer’s environment 

Let’s start AWS Free Tier - https://aws.amazon.com/free/ 

IMPLEMENTING SOLUTION

Production Solution Implementation 

KEY TAKEAWAYS

The Six R’s 

Rehost 

Tools: AWS VM Import/Export 

Replatform 

- Migrating databases to Amazon RDS 

- Migrating applications to Amazon Elastic Beanstalk 

Refactor 

Using cloud native features 

Retire

Shutting off non-useful applications 

Reducing spend, management, and security 

Retain/Revisit 

Keeping certain applications on-premises 

Repurchase 

Moving workflows to software as a service (SaaS) 

Cloud Architecture Best Practices  

- Design for failure and nothing fails

o Avoid single points of failure 

o Multiple instances 

o Multiple Availability Zones 

o Separate a single server into a multi-tiered application

o For Amazon RDS, use Multi-AZ feature  

- Build security in every layer

o Encrypt Data at rest and in transit 

o Enforce principle of least privilege in IAM 

o Implement both Security Groups and Network Access Control Lists (NACL) 

o Consider advanced security features and services 

- Leverage different storage options

o Move static web assets to Amazon S3

o Use Amazon CloudFront to serve globally 

o Store session state in DynamoDB

o Use ElastiCache between hosts and databases  

- Implement elasticity

o Implement Auto Scaling policies 

o Architect resiliency to reboot and relaunch 

o Leverage managed services like Amazon S3 and Amazon DynamoDB 

- Think parallel

o Scale horizontally, not vertically 

o Decouple compute from session/state 

o Use Elastic Load Balancing 

o Right-size your infrastructure  

- Loose coupling sets you free

o Instead of a single, ordered workflow, use multiple queues 

o Use Amazon Simple Queue Service (SQS) and Simple Notification Service (SNS) 

o Leverage existing services 

- Don’t fear constraints

o Rethink traditional constraints 

o Need more RAM? 

o Better IOPS for databases? 

o Response to failure  

Source: AWS
